Herp a derp

Main menu

Ubuntu Server

Ubuntu Server is my server of choice as of 2012 because of its support (5 years), relatively recent (the 12.04 as of writing of this page), completely free, based on Debian, etc. Not really anymore but I still have vm running it. It has got quite a bit of annoyances (at least for me).

And then (optionally) uncomment SHA_CRYPT_MIN_ROUNDS in /etc/login.defs.

Don’t forget to rerun passwd for all users.

Set root password

sudo passwd root

Not setting root password will allow people with physical access to boot into single user mode and gain root access without password. It’s not like hacking into a server which attacker has physical access is hard but at least he’ll be forced to bring (and boot) his own bootable media.

noatime mount

The only use case for atime is (as far as I know) for mailbox but even that one isn’t really problematic anymore nowadays. Open up /etc/fstab, add noatime mount option to all on-disk filesystems.

Disable vesa boot

Mainly for virtualized environment since I don’t usually look at its console screen.

First, the grub. Open /etc/default/grub, uncomment the following line:

GRUB_TERMINAL=console

Update grub.cfg by running update-grub.

And then the console itself. Comment the following lines in /etc/default/console-setup:

FONTFACE="Fixed"
FONTSIZE="16"

And then uncomment blacklist vesafb in /etc/modprobe.d/blacklist-framebuffer.conf.

Disable terminal 2-6

Disable rDNS for sshd

There isn’t much use doing rDNS lookup for sshd and it causes slow down when connecting.

Disable it with:

echo 'UseDNS no' >> /etc/ssh/sshd_config
service ssh reload

Disable known_hosts hashing

It makes reading known_hosts almost impossible since the host names are hashed instead of using plain text. Unless you plan on connecting to weirdly named servers, it’s better to disable it so the file can be easily read.